Giters

alisaifee / flask-limiter

Rate Limiting extension for Flask

Home Page:https://flask-limiter.readthedocs.org

Geek Repo:Geek Repo

Github PK Tool:Github PK Tool

Use remote address

carkod opened this issue · comments

commented

Is this module using remote address somewhere similar to flask-limiter?

Does it use anything to get the remote address by default?

commented

No, the api requires the caller to provide it.

commented

No, the api requires the caller to provide it.

Thanks for the reply. So how do you limit by IP?

We are using a Python module to apply rate limits, so Flask Limit uses decorators and that doesn't really work for intercepting requests, that's why we are using this module, but it doesn't seem to limit by IP address.

commented

@carkod the scope of the limits library is abstract away the implementation details of using different backend storages such as redis, memcached, mongodb for doing either fixed window or moving window rate limiting. What you rate limit by (for example ip, user etc) is left to the consumer of the library (for example Flask-Limiter, Falcon-Limiter etc).

Could you explain your use case a bit more? Is your application not a Flask application (because then ofcourse, Flask-Limiter will not at all work).

commented

@carkod the scope of the limits library is abstract away the implementation details of using different backend storages such as redis, memcached, mongodb for doing either fixed window or moving window rate limiting. What you rate limit by (for example ip, user etc) is left to the consumer of the library (for example Flask-Limiter, Falcon-Limiter etc).

Could you explain your use case a bit more? Is your application not a Flask application (because then ofcourse, Flask-Limiter will not at all work).

Yes, it is a Flask application, but we are using a Python module to intercept views somethiing like this:

# Flask application
from flask import Flask
from python_module import render_homepage

app = Flask(__name__)
app.add_url_rule("/homepage", view_func=render_homepage)

# Python module
import flask

def render_homepage():
  
    # Handle rate limits here
    ip_remote_address = "127.0.0.1" # just an example
    check_rate_limit = parse("500/day")
    if not check_rate_limit:
        raise flask.abort(429)

    return flask.render_template(
            f"templates/homepage"
     )

Because the before_request is already called, we can't use the Flask Limiter decorator.

commented

Since this is related to Flask-Limiter let’s move the issue to that repo

commented

Any of these approaches should work fine:

from flask import Flask

from flask_limiter import Limiter
from flask_limiter.util import get_remote_address

app = Flask(__name__)
limiter = Limiter(get_remote_address, app=app, headers_enabled=True)

import flask 

# Use the limiter.limit object as a context manager inline
def render_homepage_inline():
    with limiter.limit("500/day"):
        return flask.render_template("...")


# Decorate the function even those this function isn't decorated as a flask "route"
@limiter.limit("500/day")
def render_homepage_decorated():
    return flask.render_template("...")

# Don't do anything and just decorate it when you use it in `add_url_rule`
def render_homepage():
    return flask.render_template("...")


app.add_url_rule("/homepage", view_func=limiter.limit("500/day")(render_homepage))
app.add_url_rule("/homepage_decorated", view_func=render_homepage_decorated)
app.add_url_rule("/homepage_inline", view_func=render_homepage_inline)

app.run()
commented

I think the key would be this line. I haven't thought of doing this way

limiter.limit("500/day")(render_homepage)

Thanks!